Slashdot Mirror

← Back to Stories (view on slashdot.org)

AOL Instant Messenger Remote Hole

Posted by michael on from the makes-remote-administration-easier dept.

The DSL Guy writes: "The non-profit security team w00w00.org started off 2002 by uncovering a serious flaw in AOL's Instant Messenger protocol. With over 100 million people registered on the AIM service, this vulnerability poses a serious security risk for Internet users worldwide. This flaw can enable remote users to execute code on any machine logged into the AOL IM service. "So easy to hack, no wonder it's number one!" Details can be found at the w00w00 site."

5 of 343 comments (clear)

  1. Now they need a sound to go with their IM by A_Non_Moose · · Score: 5, Funny

    How about the "you got mail" dude do one that says "j00 g0t 0wN3D"!

    One of Many Instant Messenger Exploits (MIME for short), I'm sure.

    {if you are going to assinate a Mime, would you use a silencer?}

    --
    Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
  2. It couldn't be... by iiii · · Score: 4, Funny
    It couldn't be, because
    AOL is deeply committed to your security. We use state-of-the-art technology to keep your personal information as secure as possible. We also have put in place privacy protection control systems designed to ensure that the personal data you share with AOL is safe and private. In addition, AOL keeps your password strictly confidential, and all authentication for the Service is performed on AOL's secure servers. Sites participating in the Service may not collect or store AOL password information.

    From this site.

    --
    Light cup, beer drink, thin so chain, neck turtle fat, man I won't say it again
  3. Re:Warnings by Havokmon · · Score: 4, Funny

    One of ICQ's was a login buffer overflow. Basically if you used licq or a NON-Mirabilis version, you could login as anyone just by using a password longer than 15 chars (IIRC).

    Ok so I used it once to send two of my coworkers homo "I like to watch your ass" emails from each other...

    --
    "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
  4. Heh... first hack... by tcc · · Score: 4, Funny

    Change that annoying incomming Email .wav file...

    "You've got nailed"

    --
    --- Metamoderating abusive downgraders since my 300th post.
  5. w00w00? by fobbman · · Score: 4, Funny

    "The non-profit security team w00w00.org..."

    Oh, so the 1337 are going the non-profit route? Nice to see that they are going somewhat legit here, but are we going to see mass-defacement support drives once a month looking for donations, a la PBS? Are they going to only release their best exploits during these fund drives? And how much do I have to donate to get reach the benefactor level where I get the "Bill Gates unrestricted Amex card" number as a gift of thanks?

    More importantly, did Microsoft "give generously" during the "Here's how to hack AIM" episode of "Sesame Street"?

    "Today's Sesame Street was brought to you by the letters M, S, N, and the number 1."